Recon

sudo apt install golang chromium-driver
go get github.com/michenriksen/aquatone
export PATH="$PATH":"$HOME/go/bin"

// aquatone: take a screenshot of every host listed in facebook_aquatone.txt (output goes to ./aquatone)
cat facebook_aquatone.txt | aquatone -out ./aquatone -screenshot-timeout 1000

// zone transfer: request a full AXFR of the zone from its authoritative nameserver
nslookup -type=any -query=AXFR zonetransfer.me nsztm1.digi.ninja

// discovering virtual hosts with ffuf; -fs 612 filters out responses with the default page size
ffuf -w ./vhosts -u http://192.168.10.10 -H "HOST: FUZZ.randomtarget.com" -fs 612

// solving: confirm a discovered vhost manually with curl (-i shows the response headers)
curl -i -s http://10.129.88.154 -H "HOST: dmz.inlanefreight.htb"

// filter by content length: -fs 102 hides the default response so only differing vhosts remain
ffuf -w /opt/useful/SecLists/Discovery/DNS/namelist.txt -u http://10.129.88.154 -H "HOST: FUZZ.inlanefreight.htb" -fs 102

// crawl recursively (one level deep) to find hidden directories

ffuf -recursion -recursion-depth 1 -u http://192.168.10.10/FUZZ -w /opt/useful/SecLists/Discovery/Web-Content/raft-small-directories-lowercase.txt

// cewl: build a custom wordlist from the site's own text (words of at least 5 chars, lowercased)
cewl -m5 --lowercase -w wordlist.txt http://192.168.10.10

// ffuf with several wordlists at once: folder, word, and extension lists combined into one URL pattern
ffuf -w ./folders.txt:FOLDERS,./wordlist.txt:WORDLIST,./extensions.txt:EXTENSIONS -u http://192.168.10.10/FOLDERS/WORDLISTEXTENSIONS

// all subdomains: query certificate transparency logs (crt.sh) and deduplicate the names
export TARGET="githubapp.com"
curl -s "https://crt.sh/?q=${TARGET}&output=json" | jq -r '.[] | "\(.name_value)\n\(.common_name)"' | sort -u > "${TARGET}_crt.sh.txt"

// JS obfuscators (online)

https://obfuscator.io/
https://jsconsole.com/

// JS deobfuscation / beautifier (online)
http://www.jsnice.org/

// decode hex: xxd -p -r reverses a plain hex dump back to bytes
echo 68747470733a2f2f7777772e6861636b746865626f782e65752f0a | xxd -p -r

// rot13 example: "http://www" becomes "uggc://jjj"
// rot13 decode with tr (rot13 is its own inverse, so the same command encodes too)
echo uggcf://jjj.unpxgurobk.rh/ | tr 'A-Za-z' 'N-ZA-Mn-za-m'

// online tool
https://rot13.com/

// cipher identifier (online)
https://www.boxentriq.com/code-breaking/cipher-identifier

// decode hex; the trailing echo '' adds a newline so the prompt starts on a fresh line
echo "4150495f70336e5f37333537316e365f31355f66756e" | xxd -r -p && echo ''


